Wiki & SSL

[Lucian Adrian Grijincu]

On Fri, Oct 8, 2010 at 10:09 PM, Clint Byrum <clint at ubuntu.com> wrote:
> Right, though if that site is *delivered via ssl* and the cert is from
> a trusted organization, you can trust the source of that information..
> if you click "history" you know you're getting the real history.
>
> So if the attacker did not redirect to SSL, then you are not on an
> SSL site, and you should be *suspicious*.


I AM a person that has a very high regard towards security (I don't
have the same password on two different sites, I notice when a HTTP
site asks me for my password, I always check the URL of the website
before entering my passwords, etc.) but I have not noticed until now
that the wiki.ubuntu.com is always on HTTPS and I don't think I would
have noticed when it would have loaded as HTTP.

I know that when I get history from wikipedia in clear HTTP, anyone
can tamper with that info. The same for travel information I read
online, news and all the rest. I know everything in HTTP can be
forged. But I do take everything with a grain of salt. Just because
it's written on a publicly editable wiki, with all edits accounted
for, I know not to trust that info with my life in the first place.
The fact that possible lies or mistakes might be tampered with on
their way to my computer does not make me any more suspicious of that
data.

I don't think anyone goes around poking every bit of info they can
find about the authors that changed something in the history of a
document. I'm sure I can go register the wiki user JomoBacon or
IonoBacon and make some edits as him on a number of pages and all this
always-HTTPS snake-oil won't save most users from anything.

-- 
 .
..: Lucian